Django Nginx X-Accel-Redirect for protected files on Webfaction
If you want to torment someone until the end of time, just get them to configure Django and Nginx X-Accel-Redirect. This is literally impossible, I have been trying for days.
I am trying to only allow certain files to be downloaded from logged in views in django using Nginx on webfaction. Here is what I have:
Custom Nginx app listening on port 27796 under /static. Here is the conf.
    http {
        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        keepalive_timeout 65;

        server {
            listen 27796;
            server_name myurl.com;
            root /home/ucwsri/webapps/static_media_ucwsri_nginx;

            # Serves everything under root, with directory listings
            location / {
                autoindex on;
            }

            # Meant to be reachable only through X-Accel-Redirect
            location ^.*/protected-files {
                internal;
                alias /home/ucwsri/webapps/static_media_ucwsri_nginx/protected;
            }
        }
    }
All static content is in /home/ucwsri/webapps/static_media_ucwsri_nginx, and is being correctly served by this Nginx app.
The files I want protected are here:
/home/ucwsri/webapps/static_media_ucwsri_nginx/protected
Which is the alias listed under the location ^.*/protected-files block in Nginx.
The view simply makes an Http Response thus:
    from django.http import HttpResponse

    def download(request):  # view name is illustrative
        response = HttpResponse()
        url = "/static/protected-files/some-file.pdf"
        response['X-Accel-Redirect'] = url
        return response
Whatever I try I get a 404 from Nginx when trying to get that file as a POST request that goes to that view. I have tried everything I can think of, every location combination block, nothing works. Always a 404.
Someone please put me out of my misery and tell me what I have done wrong. This is truly brutal for something seemingly so simple.
First, your location ^.*/protected-files is nonsense. I guess you've missed the ~ modifier, but even in that case it would be useless.
Second, you have not protected the /protected/ folder. A direct request to /protected/some-file.pdf will download that file without any protection.
Third, you have /static/protected-files/some-file.pdf in X-Accel-Redirect, but you didn't mention any static folder before.
So, I would suggest the following config:
    server {
        listen 27796;
        server_name myurl.com;
        root /home/ucwsri/webapps/static_media_ucwsri_nginx;

        location / {
            autoindex on;
        }

        # Real folder under root; internal blocks direct client requests
        location ^~ /protected/ {
            internal;
        }
    }
And Django should be:
    from django.http import HttpResponse

    def download(request):  # view name is illustrative
        response = HttpResponse()
        url = "/protected/some-file.pdf"
        response['X-Accel-Redirect'] = url
        return response
Summary:
- Protect the real folder.
- X-Accel-Redirect is a URI; just think about it as if the user put that URI in the browser address bar. The only difference is that internal will allow access with X-Accel-Redirect while forbidding direct user access from the browser.
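
Added example, not part of the original question or answer: a simplified Python model of how nginx picks a prefix location and maps the URI onto root, run against both configs from this page to show where the 404 and the unprotected download come from. It assumes prefix locations only (no regex, no alias); FILES and the protected_uri helper are constructed for the illustration.

```python
import posixpath

# Values from the page; FILES is a constructed stand-in for the disk contents.
ROOT = "/home/ucwsri/webapps/static_media_ucwsri_nginx"
FILES = {ROOT + "/protected/some-file.pdf"}

# Simplified model (an assumption of this example): prefix locations only,
# every location inherits the server-level root, no regex and no alias.
# Without the ~ modifier, "^.*/protected-files" is a literal prefix string.
QUESTION = [("/", False), ("^.*/protected-files", True)]
ANSWER = [("/", False), ("/protected/", True)]


def resolve(locations, uri, via_x_accel=False):
    """Return the HTTP status this model gives for `uri`.

    via_x_accel=True means the URI came from an X-Accel-Redirect header,
    False means a client asked for it directly.
    """
    matching = [loc for loc in locations if uri.startswith(loc[0])]
    _prefix, internal = max(matching, key=lambda loc: len(loc[0]))
    if internal and not via_x_accel:
        return 404  # internal locations are hidden from direct requests
    # With root, the whole URI is appended to the root directory.
    return 200 if ROOT + uri in FILES else 404


def protected_uri(filename):
    """Build the header value a view would send; hypothetical helper.

    Accepts a bare file name only, so a user-supplied value cannot
    point outside /protected/.
    """
    if filename in ("", ".", "..") or posixpath.basename(filename) != filename:
        raise ValueError("not a bare file name: %r" % filename)
    return "/protected/" + filename


if __name__ == "__main__":
    for name, locs in (("question", QUESTION), ("answer", ANSWER)):
        print(name,
              "redirect /static/protected-files/some-file.pdf ->",
              resolve(locs, "/static/protected-files/some-file.pdf", True),
              "| direct /protected/some-file.pdf ->",
              resolve(locs, "/protected/some-file.pdf"),
              "| redirect /protected/some-file.pdf ->",
              resolve(locs, "/protected/some-file.pdf", True))
```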